<?php

/* This is the database connection class. All parsing, security, and database 
 * queries are done here. */

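final class connection {

    /** @var mysqli Connection handle used by every query method. */
    private $db;

    /**
     * Opens a connection to the local MySQL server without selecting a schema.
     *
     * NOTE(review): the application connects as "root" with no password and the
     * credentials are hard-coded. A dedicated, least-privilege account whose
     * credentials come from configuration outside the web root would limit what
     * a defect in any query method can reach.
     */
    public function __construct() {
        $this->db = new mysqli("localhost", "root");
    }

    /**
     * Replaces the connection with one that has schema $n selected.
     *
     * NOTE(review): same root / empty-password credentials as the constructor.
     * Every query method below calls select_db("forums") itself, so the schema
     * chosen here does not affect them.
     *
     * @param string $n Schema name.
     */
    public function setDB($n) {
        $this->db = new mysqli("localhost", "root", "", $n);
    }

    /**
     * Looks up the clearance stored for a name/password pair.
     *
     * NOTE(review): passwords are matched as unsalted SHA-1 digests, and
     * strip_tags() rewrites the password before hashing, so two different
     * passwords can hash alike. Moving to password_hash()/password_verify()
     * needs a migration of the stored digests, so it is flagged here rather
     * than changed.
     *
     * @param string $n User name.
     * @param string $p Plain-text password.
     * @return mixed The stored clearance, or -1 when no row matched or the
     *               stored clearance is empty() (so a clearance of 0 is also
     *               reported as -1).
     * @throws RuntimeException When the statement cannot be prepared.
     */
    public function authorize($n, $p) {
        $this->db->select_db("forums");

        $name = strip_tags($n);
        $password = sha1(strip_tags($p));

        $stmt = $this->prepareStatement("SELECT clearance FROM users WHERE name= ? AND password= ?");
        $stmt->bind_param("ss", $name, $password);
        $stmt->execute();

        // Initialised so a lookup with no matching row leaves a defined value.
        $clearance = null;
        $stmt->bind_result($clearance);
        $stmt->fetch();
        $stmt->close();

        return empty($clearance) ? -1 : $clearance;
    }

    /**
     * Inserts a new thread row stamped with the current time.
     *
     * strip_tags() only removes markup before storage; SQL safety comes from
     * the bound parameters, and stored text still has to be escaped for the
     * output context wherever it is rendered.
     *
     * @param string $t Thread title.
     * @param string $c Creator name.
     * @param string $m First message, cut to 1000 bytes after tag stripping.
     * @return bool Result of executing the INSERT.
     * @throws RuntimeException When the statement cannot be prepared.
     */
    public function createThread($t, $c, $m) {
        $this->db->select_db("forums");

        $title = strip_tags($t);
        $creator = strip_tags($c);
        // substr() counts bytes, so the cut can land inside a multi-byte character.
        $message = substr(strip_tags($m), 0, 1000);

        $query =
                "INSERT INTO thread (title,creator,message, dt, lastpost) 
             VALUES (?,?,?,now(),now())";

        $stmt = $this->prepareStatement($query);
        $stmt->bind_param("sss", $title, $creator, $message);

        $inserted = $stmt->execute();
        $stmt->close();

        return $inserted;
    }

    /**
     * Returns every thread, most recently posted-in first.
     *
     * @return array List of numerically indexed rows; empty when there are no threads.
     * @throws RuntimeException When the query cannot be prepared or read.
     */
    public function fetchForum() {
        $this->db->select_db("forums");

        $stmt = $this->prepareStatement("SELECT * FROM thread ORDER BY lastpost DESC");

        return $this->collectRows($stmt);
    }

    /**
     * Returns every post whose parent is the given thread.
     *
     * @param string $t Thread identifier.
     * @return array List of numerically indexed rows; empty when nothing matches.
     * @throws RuntimeException When the query cannot be prepared or read.
     */
    public function fetchThread($t) {
        $this->db->select_db("forums");
        $thread = strip_tags($t);

        $stmt = $this->prepareStatement("SELECT * FROM post WHERE parent= ?");
        $stmt->bind_param("s", $thread);

        return $this->collectRows($stmt);
    }

    /**
     * Returns one page of a thread: posts numbered 10*p-9 through 10*p.
     *
     * @param string $t Thread identifier.
     * @param string $p Page number; bound as a string and used in SQL arithmetic.
     * @return array List of [title, message, dt, creator] rows; empty when the page has no posts.
     * @throws RuntimeException When the query cannot be prepared or read.
     */
    public function fetchPage($t, $p) {
        $this->db->select_db("forums");
        $thread = strip_tags($t);
        $page = strip_tags($p);

        $query = 
        "SELECT title,message,dt,creator FROM post WHERE parent= ? AND number<(?*10+1) && number>(?*10-10) ORDER BY number ASC";
        $stmt = $this->prepareStatement($query);
        $stmt->bind_param("sss", $thread, $page, $page);

        return $this->collectRows($stmt);
    }

    /**
     * Returns the page count derived from the thread's `posts` column.
     *
     * The value is intdiv(posts, 10) + 1, which is 1 when the thread is not found.
     * NOTE(review): for an exact multiple of ten this is one page more than
     * fetchPage() can fill if `posts` counts rows in `post` — confirm what
     * the column counts.
     *
     * @param string $t Thread identifier.
     * @return int Number of pages.
     * @throws RuntimeException When the query cannot be prepared or read.
     */
    public function fetchSize($t) {
        $this->db->select_db("forums");
        $thread = strip_tags($t);

        $query = 
        "SELECT posts FROM thread WHERE id= ?";
        $stmt = $this->prepareStatement($query);
        $stmt->bind_param("s", $thread);

        $rows = $this->collectRows($stmt);
        $posts = (int) ($rows[0][0] ?? 0);

        return intdiv($posts, 10) + 1;
    }

    /**
     * Inserts a reply into a thread, stamped with the current time.
     *
     * NOTE(review): unlike createThread(), the message is not length-capped
     * here — confirm whether the column or the caller enforces a limit.
     *
     * @param string $th  Parent thread identifier.
     * @param string $ti  Post title.
     * @param string $msg Post body.
     * @param string $cr  Creator name.
     * @return string "post succes." when the INSERT executed, "post failed." otherwise.
     * @throws RuntimeException When the statement cannot be prepared.
     */
    public function post($th, $ti, $msg, $cr) {
        $this->db->select_db("forums");

        $thread = strip_tags($th);
        $title = strip_tags($ti);
        $message = strip_tags($msg);
        $creator = strip_tags($cr);

        $query = "INSERT INTO post (title,creator,message, dt, parent) 
             VALUES (?, ?, ?, now(),?)";

        $stmt = $this->prepareStatement($query);
        $stmt->bind_param("ssss", $title, $creator, $message, $thread);

        $stored = $stmt->execute();
        $stmt->close();

        // Success is reported only when the INSERT actually executed.
        return $stored ? "post succes." : "post failed.";
    }

    /**
     * Prepares a statement, failing loudly instead of handing back false.
     *
     * The exception text carries no SQL or server detail, so it is safe to log.
     */
    private function prepareStatement($query) {
        $stmt = $this->db->prepare($query);
        if ($stmt === false) {
            throw new RuntimeException("Database statement could not be prepared.");
        }

        return $stmt;
    }

    /**
     * Executes a bound statement, returns all rows, then releases the result and statement.
     */
    private function collectRows($stmt) {
        $stmt->execute();
        $resultset = $stmt->get_result();
        if ($resultset === false) {
            $stmt->close();
            throw new RuntimeException("Database result could not be read.");
        }

        // Starts empty so a query with no rows yields [] rather than an undefined variable.
        $table = [];
        while ($row = $resultset->fetch_row()) {
            $table[] = $row;
        }

        $resultset->free();
        $stmt->close();

        return $table;
    }
}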

?>
